Delve into the nuts and bolts of networked sharing

Networking has become one of the most essential elements of computing. Forget processors. Forget graphics cards.

We know you can string together your own home network. A wired network is sheer block-building child's play.

A wireless network isn't much more strenuous, largely thanks to WPS reducing the complicated bit to little more than a button press or two. Or if you're like us you might memorise your WPA key, being able to think for ourselves and all.

But we're here to delve into the murky world of Windows networking and file sharing.

We're not talking the Homegroup system here; Microsoft has done a decent job of making that easy enough to use. We're going to delve into the Windows NT networking system that underpins this and indeed all of Windows file sharing.

That's the key here - not only does it arm you with the knowledge to twiddle with network shares on Windows 7, but without too many complications, everything from Windows NT, XP Server right through to Vista and Windows 8.

It's a reassuringly complex system, which once you understand the basic elements, is easy to deploy with total control, allowing you to decide who, how and exactly what is shared and accessible over your network. Let's not also forget the ability to limit, monitor and revoke access too.

Like we said, Homegroup is fine if you're seeking the basic control. For complete control you want to unleash the full Windows network file sharing.

So why when Microsoft goes to all that time and trouble to provide an easy route, should you care to learn the hard way? Frankly because it offers far more flexibility for a little more investment of your time. Besides, once you've nailed the more complex systems, they work with and are the Homegroup system anyway. So you can pick and choose depending on how tiered you want to make your file sharing access.

The truth is that the networking that exists inside all of Microsoft's current products is the same underlying system that was built into Windows NT back in 1993. As you should know, Windows NT became the core of Windows 2000 aka NT v5 and then Windows XP as NT 5.1. The whole Windows range was effectively merged with Windows Vista as NT v6 and onwards.

Technically, Windows 8, RT and Server 2012 will all be based on Windows NT v6.2. This underlying architecture for Windows NT has remained the same then, with security handled through the Security Reference Monitor system, using Access Control Lists and unique Security Identifi ers called SIDs to orchestrate this symphony.

Home nuisance

Over the years Microsoft has attempted to simplify the job of managing networked file shares, which in our opinion only helped to confuse the situation. We'll take advantage of some of these interface changes, since they offer shortcuts to sharing folders, but we're going to avoid Homegroup.

Homegroup is a streamlined way of getting file sharing to work over a home network. Similar to wireless networking WPS, it uses a PIN to prove valid authentication between systems. This is great if you can be bothered with difficult-to-remember 10-digit pins and having to change all those default folders, so you don't share them with every Tom, Dick and Harriet each time you initiate it. It's not a bad system but it's still riding on the coat tails of something that's more flexible.

We also worry that it hands access to remote systems without any additional credential checking, which is to say once a PC is given access it always has access no matter who's using it. So if PC A used by Bob is given access to PC B, when little Timmy gets on PC A, Timmy's going to be able to access everything on PC B.

It also doesn't help that networking issues are painful to diagnose, while the easy-to-use interface elements plug into the traditional networking anyway.

Part of this new system is the somewhat pointless Set Network Location selection. Get to it by selecting 'Start' > 'Control Panel' > 'Network and Internet' > 'Network and sharing' and under 'View your active networks' select the current Home/Work/Public network link. The only reason to select Home network is that it enables Homegroup, while Work network disables Homegroup. The Public network option is handy as it locks down network access to the system when on an untrusted network.

Despite its semi-hidden nature this does present a useful way of turning off the Homegroup, though the additional Homegroup home will stay visible in the Navigation pane till the sun engulfs the earth in its fiery embrace. Thanks Microsoft.

Group hug

With that unpleasantness done away with, we can focus our attention on how the core Windows networked file-sharing works. We're not starting at the beginning, as you were expecting. Instead we're going to look at Windows User Accounts.

What on God's green earth has that got to do with networking? Well, Groups, Users and Login sessions are core to the Windows security system. You're going to be able to enable remote access to systems on three levels.

The first is the Public shared folders that anyone can access. The next is Guest group access. This is for anyone who doesn't have a user account. Finally there's User Account access, which requires that you enter credentials to access shared folders from a remote system.

This complex arrangement ultimately results in a highly flexible one, the small amount of initial user and group set up is easy enough to manage. It enables you to create groups that all have the same access privileges or provide personalised access to files and folders on an individual user basis. This also goes hand in hand with password protection and policy control over the password usage. On a basic level users can be created and managed via the standard User Accounts Control Panel and if you want it, it's easy to enable the Guest Account access level here too.

However, we find the best method is to do this via the Computer Management console. Access this by either typing compmgmt.msc into the Run dialog or else right-click 'Computer' - the desktop icon or Start Menu entry - select 'Manage' and select the 'Local Users and Groups' section. It's also worth mentioning at this point the Shared Folders section that lives, handily, just above Local Users and Groups.

As you create file and folder shares these will become listed under the Shares section. This makes the Computer Management Console a good way to manage most aspects of networked file sharing from one place. Over time, if you're sharing a good number of folders, it can become confusing as to exactly what you've shared and with who.

The Shares section offers a list of everything shared in one place and with all the controls you need. Right-click the share you're interested in and you can immediately stop sharing or choose 'Properties' to adjust the sharing options. This Users Properties dialog enables you to limit the number of users that can have active sessions.

For the most part this won't be of use for home users, but there are times when this could be useful, if bandwidth is an issue or you have a high number of users for some reason.

The Share Permissions tab is also useful for easily changing the access permissions for groups and users. It's unlikely you'll need to delve into the Security tab, but this does offer more detailed control over what users can do within shares.

Network names

It's a minor point but worth covering as it's certainly not obvious. When you're messing around with networking the name of the PC you're working on is set via the Computer Properties.

Right-click either the desktop icon or Start Menu Computer entry, select 'Properties' and under the Computer name… section click the 'Change settings' link. Click the 'Change' button - why you can't just click this back in the Properties is beyond us - and change the 'Computer name' to whatever you want to view within the Network neighbourhood (as it used to be called).

You might also be wondering about the Workgroup name that can also be changed in here. Back in the day of Windows 3 and 95 this could be used to segregate PCs into groups, making it impossible for different Workgroups to share files or services.

Today the Workgroup concept has been eliminated and it's effectively unused. It's all a bit of a blur now, but back in those days NetBIOS took the major lead in network file sharing, with the additional Microsoft SMB protocol on top of this. From Windows 2000 onwards the Microsoft SMB protocol did away with NetBIOS and so the need for Workgroups.

Despite dumping NetBIOS to retain compatibility the naming conventions for the computer and Workgroup remain. That's a case-free name, without any spaces, no longer than 15 characters long with restrictions on special characters, which is to say almost no punctuation apart from a dash.

Not that advanced

The most confusing aspect of Windows network file sharing is how to switch it to the correct mode, so that the PC is actually happy to accept password connections. This blazingly basic concept is buried in the 'Change advanced sharing settings' section found off the side panel of the Network and Sharing Center Control Panel.

The best way to access this is to right-click on the 'Notification Network' icon, select 'Open Network and Sharing Center' and click 'Change advanced sharing settings'. There's a list of very important options in here, many of which have to be set correctly for file sharing to work.

Be aware these options are duplicated over two separate sections in here. One section covers the Home/Work Network Location and the other below this, covers operating in a Public Network Location mode. The first two options - Turn on network discovery, and Turn on file and printer sharing - we hope are self-evident. Both need to be selected for this to work well.

The 'Public folder sharing' option is an interesting one. If you want a simple way to easily share files to everyone then this is a great option. The folder already exists within the {system drive}:\Users\Public folder. Be aware, this enables anyone connected to the same network as yourself to copy, move and delete any old files they wish within those public folders.

This isn't the only way of providing simple password-free guest sharing, but it's a one-shot option you might be interested in. The next two options we're going to skirt around.

Media sharing is something PC Format has covered extensively in the past and media streaming is where you control the basic Windows Media Player and generic DLNA servering features. The File sharing connections option can be left at 128-bit encryption for better security. As far as we know this should function correctly with almost everything.

The 'Turn off password protected sharing' option is a prime one. If you're happy to have anyone access shared folders marked with Guest access, then you can choose to turn this off. It's like public folder sharing but across the board for any folders you mark for Guest access. If you're happy to bare all to everyone on your home network, then this by far makes for the easiest file-sharing method. You still retain complete control over who can delete files on your server or computer by adjusting controls accordingly or limit access completely by marking them only for registered users.

Finally the Homegroup connections option needs to be turned off here so that we can control and create our own user permissions and shares. This part is a little confusing because, even when switched to off, all of the Homegroup interface elements remain visible within Windows. In fact, it's almost like Microsoft adds this stuff without thinking about it.

The final element we'll mention here, as it's not obvious, is if you want mixed-access of people with passwords - for secure items - and people you'd like to have Guest access without prompts or passwords. For example, we use a shared document folder that anyone can access without the need for a password. While back-up folders require a password, so files cannot be deleted or removed. For this type of setup you need to enable the Windows Guest account.

There are two ways to do this: one is via the 'Start Menu '> 'Control Panel' > 'User Accounts' > 'Add or remove user accounts' > 'Enable Guest Account'. Technically, this can also be activated via the Users section of the Management Computer Management Console. The Guest User is already created but you need to double-click it and clear the 'Account is disabled' tick box.

Once enabled, this in conjunction with the 'Turn off passwordprotected' sharing, enables Guest access to folders marked with Guest access privileges.

Share and share alike

With your system all setup you're now ready to create password-protected users and enable open-access guest shares, alongside password-protected folder shares. We'll go through doing just this in the walkthroughs, but the password-protected system requires the creation of a suitable user account with password.

The confusing element here is that the user account that you create has to match the same name as the remote system's user account name. Otherwise you will find that the remote system will either be limited to Guest access or be blocked entirely. This can create the odd situation where if you use the same account name on multiple computers they will all have to connect to the network using this same user account.

To add even more confusion to the situation, once you've created the same user-named account, remote users don't have to log on with the same credentials. Instead, you can create a more memorable username and password and that will still work for logging on to a remote share. This could, for example, be used when more than one person uses a computer with the same account.

The additional credentials enables people that know it to access additional shares. We're sure that there are other usage models that can be applied but that's the one that springs readily to mind.

Actually enabling the sharing of a folder or drive is a case of selecting the folder in question and using the Homegroup share system, which is the 'Share with' > 'Specific people…' menu option. Here you can now add Guest and specific Users then assign read/write permissions.